@REM ======================================================================
@REM Setup VARS
@REM ======================================================================

@REM Short host names of the two servers this script configures.
@REM The quoted "NAME=value" form keeps stray trailing whitespace out of the values.
set "MACHINE1=DBLHOP"
set "MACHINE2=DBLHOPSVR"

@REM DNS suffix appended to each host name to build the fully qualified SPNs.
@REM (The variable name FQND is kept as-is because later commands reference it.)
set "FQND=domain.local"

@REM Account that receives the SPNs, user rights and delegation setting below.
set "USERACCOUNT=DOMAIN\ServiceAccount"

@REM ======================================================================
@REM Use adsutil to configure IIS to use Kerberos
@REM ======================================================================

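@REM Set the NTAuthenticationProviders metabase property to Negotiate so that
@REM Integrated Windows authentication is offered through Negotiate (Kerberos).
@REM Negotiate can still fall back to NTLM when no Kerberos ticket is obtained,
@REM so confirm afterwards that clients really authenticate with Kerberos.
@REM "WebSite" in the metabase path looks like a placeholder for the site
@REM identifier - TODO confirm and substitute before running.
@REM Fixed: the IIS admin scripts live under C:\Inetpub, not C:\inetput.
cscript C:\Inetpub\AdminScripts\adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders Negotiate
@if errorlevel 1 echo WARNING: adsutil.vbs did not complete successfully; NTAuthenticationProviders may be unchanged.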


@REM ======================================================================
@REM Use SETSPN to create the SPNs
@REM ======================================================================

@REM Register HTTP SPNs (short name and fully qualified name) for each server
@REM on the service account, in the order MACHINE1 then MACHINE2.
@REM NOTE(review): setspn -A adds the SPN without checking whether another
@REM account already holds it, and a duplicate SPN breaks Kerberos for that
@REM service. List existing registrations first (setspn -L <account>), or use
@REM setspn -S where the installed setspn supports it - verify before switching.
for %%M in (%MACHINE1% %MACHINE2%) do (
    setspn -A HTTP/%%M %USERACCOUNT%
    setspn -A HTTP/%%M.%FQND% %USERACCOUNT%
)

@REM ======================================================================
@REM Use NTRIGHTS to enable Act as part of operating system and
@REM                        Impersonate a client after authentication
@REM ======================================================================

@REM Grant the service account two user rights on each server: first
@REM SeTcbPrivilege on both machines, then SeImpersonatePrivilege on both.
@REM NOTE(review): SeTcbPrivilege ("Act as part of the operating system") makes
@REM the account part of the trusted computing base on that machine, so a
@REM compromise of the service account becomes a compromise of the host.
@REM Confirm this right is actually required for the deployment; if
@REM SeImpersonatePrivilege alone is sufficient, drop SeTcbPrivilege from the list.
for %%P in (SeTcbPrivilege SeImpersonatePrivilege) do for %%M in (%MACHINE1% %MACHINE2%) do ntrights +r %%P -u %USERACCOUNT% -m \\%%M


@REM ======================================================================
@REM Use VB Scripts to give the user the delegate right
@REM ======================================================================

@REM Run userdelegation.vbs with the service account and the "enable" argument.
@REM The script is resolved relative to the current directory and is not shown
@REM here; presumably it marks the account as trusted for delegation - verify.
@REM NOTE(review): if it enables unconstrained delegation, the account can reuse
@REM the credentials of any user who authenticates to it against any service.
@REM Prefer constrained delegation limited to the required back-end SPNs where
@REM the domain supports it, and mark privileged accounts as sensitive so that
@REM they cannot be delegated.
cscript userdelegation.vbs %USERACCOUNT% enable

@REM ======================================================================
@REM Use VB Scripts to give the machine the delegate right
@REM ======================================================================

@REM Run machinedelegation.vbs once per server, MACHINE1 first.
@REM The script is resolved relative to the current directory and is not shown
@REM here; presumably it marks the computer account as trusted for
@REM delegation - verify.
@REM NOTE(review): a computer trusted for unconstrained delegation caches the
@REM tickets of users who connect to it; restrict delegation to the specific
@REM services needed where the domain supports constrained delegation.
for %%M in (%MACHINE1% %MACHINE2%) do cscript machinedelegation.vbs %%M

@REM ======================================================================
@REM Use IISRESET to restart IIS on both servers
@REM ======================================================================

@REM Restart IIS on each server in turn, MACHINE1 first.
@REM This interrupts every site on the target machine, so run it in a
@REM maintenance window.
for %%M in (%MACHINE1% %MACHINE2%) do iisreset %%M
